W3C home > Mailing lists > Public > public-web-security@w3.org > December 2011

Re: Proposed directive for CSP.next: "no-user-js"

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 14 Dec 2011 14:15:10 -0800
Message-ID: <CALx_OUDFTdCc9iD+1hLZa31GeC_cJw+Pu+oWq=Sr_t35vshyyw@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: public-web-security@w3.org

Or to put this differently, there is some risk that if you put browser
configuration settings in scope for CSP, you will end up with MSIE
zone model at some point ;-)

Received on Wednesday, 14 December 2011 22:16:01 GMT

This message: [ Message body ]
Next message: Devdatta Akhawe: "Re: Proposed directive for CSP.next: "no-user-js""
Previous message: Michal Zalewski: "Re: Proposed directive for CSP.next: "no-user-js""
In reply to: Michal Zalewski: "Re: Proposed directive for CSP.next: "no-user-js""
Next in thread: Devdatta Akhawe: "Re: Proposed directive for CSP.next: "no-user-js""
Reply: Devdatta Akhawe: "Re: Proposed directive for CSP.next: "no-user-js""

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 14 December 2011 22:16:03 GMT